<!doctype html>



  


<html class="theme-next mist use-motion" lang="zh-Hans">
<head>
  <meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>



<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />












  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />




  
  
  
  

  
    
    
  

  

  

  

  

  
    
    
    <link href="//fonts.googleapis.com/css?family=Lato:300,300italic,400,400italic,700,700italic&subset=latin,latin-ext" rel="stylesheet" type="text/css">
  






<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />

<link href="/css/main.css?v=5.1.0" rel="stylesheet" type="text/css" />


  <meta name="keywords" content="web安全,ClickJacking,点击劫持," />








  <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico?v=5.1.0" />






<meta name="description" content="1.1 漏洞描述“Clickjacking（点击劫持）是由互联网安全专家罗伯特·汉森和耶利米·格劳斯曼在2008年提出的。是一种视觉欺骗手段，在web端就是iframe嵌套一个透明不可见的页面，让用户在不知情的情况下，点击攻击者想要欺骗用户点击的位置。”
1.2 漏洞危害总的来说，当你访问一个恶意网站的时候，攻击者可以控制你的浏览器对一些链接的访问，这个漏洞影响到几乎所有浏览器，除非你使用 lyn">
<meta property="og:type" content="article">
<meta property="og:title" content="web安全（3）-- ClickJacking（点击劫持）">
<meta property="og:url" content="http://www.taneroom.cn/2016/11/25/web安全（3）-ClickJacking（点击劫持）/index.html">
<meta property="og:site_name" content="TaneRoom">
<meta property="og:description" content="1.1 漏洞描述“Clickjacking（点击劫持）是由互联网安全专家罗伯特·汉森和耶利米·格劳斯曼在2008年提出的。是一种视觉欺骗手段，在web端就是iframe嵌套一个透明不可见的页面，让用户在不知情的情况下，点击攻击者想要欺骗用户点击的位置。”
1.2 漏洞危害总的来说，当你访问一个恶意网站的时候，攻击者可以控制你的浏览器对一些链接的访问，这个漏洞影响到几乎所有浏览器，除非你使用 lyn">
<meta property="og:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144254806.png">
<meta property="og:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144340807.png">
<meta property="og:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144417854.png">
<meta property="og:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144447512.png">
<meta property="og:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144520714.png">
<meta property="og:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144557639.png">
<meta property="og:updated_time" content="2016-11-25T08:21:47.244Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="web安全（3）-- ClickJacking（点击劫持）">
<meta name="twitter:description" content="1.1 漏洞描述“Clickjacking（点击劫持）是由互联网安全专家罗伯特·汉森和耶利米·格劳斯曼在2008年提出的。是一种视觉欺骗手段，在web端就是iframe嵌套一个透明不可见的页面，让用户在不知情的情况下，点击攻击者想要欺骗用户点击的位置。”
1.2 漏洞危害总的来说，当你访问一个恶意网站的时候，攻击者可以控制你的浏览器对一些链接的访问，这个漏洞影响到几乎所有浏览器，除非你使用 lyn">
<meta name="twitter:image" content="http://www.taneroom.cn/images/2016/11/25/20161102144254806.png">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Mist',
    sidebar: {"position":"left","display":"post"},
    fancybox: true,
    motion: true,
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="http://www.taneroom.cn/2016/11/25/web安全（3）-ClickJacking（点击劫持）/"/>





  <title> web安全（3）-- ClickJacking（点击劫持） | TaneRoom </title>
</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">

  



  <script type="text/javascript">
    var _hmt = _hmt || [];
    (function() {
      var hm = document.createElement("script");
      hm.src = "//hm.baidu.com/hm.js?91ca0f0e00c720ad3b92033fd9766f4b";
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();
  </script>








  
  
    
  

  <div class="container one-collumn sidebar-position-left page-post-detail ">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-meta ">
  

  <div class="custom-logo-site-title">
    <a href="/"  class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <span class="site-title">TaneRoom</span>
      <span class="logo-line-after"><i></i></span>
    </a>
  </div>
  <p class="site-subtitle">低调的码农</p>
</div>

<div class="site-nav-toggle">
  <button>
    <span class="btn-bar"></span>
    <span class="btn-bar"></span>
    <span class="btn-bar"></span>
  </button>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br />
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br />
            
            归档
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/categories" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br />
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/tags" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br />
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-about">
          <a href="/about" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-user"></i> <br />
            
            关于
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal " itemscope itemtype="http://schema.org/Article">
  <link itemprop="mainEntityOfPage" href="http://www.taneroom.cn/2016/11/25/web安全（3）-ClickJacking（点击劫持）/">

  <span style="display:none" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <meta itemprop="name" content="TaneRoom">
    <meta itemprop="description" content="">
    <meta itemprop="image" content="/images/avatar.png">
  </span>

  <span style="display:none" itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
    <meta itemprop="name" content="TaneRoom">
    <span style="display:none" itemprop="logo" itemscope itemtype="http://schema.org/ImageObject">
      <img style="display:none;" itemprop="url image" alt="TaneRoom" src="">
    </span>
  </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">
            
            
              
                web安全（3）-- ClickJacking（点击劫持）
              
            
          </h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>
              <time title="Post created" itemprop="dateCreated datePublished" datetime="2016-11-25T15:32:35+08:00">
                2016-11-25
              </time>
            

            

            
          </span>

          
            <span class="post-category" >
              <span class="post-meta-divider">|</span>
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/web安全/" itemprop="url" rel="index">
                    <span itemprop="name">web安全</span>
                  </a>
                </span>

                
                
              
            </span>
          

          
            
              <span class="post-comments-count">
                <span class="post-meta-divider">|</span>
                <a href="/2016/11/25/web安全（3）-ClickJacking（点击劫持）/#comments" itemprop="discussionUrl">
                  <span class="post-comments-count ds-thread-count" data-thread-key="2016/11/25/web安全（3）-ClickJacking（点击劫持）/" itemprop="commentCount"></span>
                </a>
              </span>
            
          

          

          
          
             <span id="/2016/11/25/web安全（3）-ClickJacking（点击劫持）/" class="leancloud_visitors" data-flag-title="web安全（3）-- ClickJacking（点击劫持）">
               <span class="post-meta-divider">|</span>
               <span class="post-meta-item-icon">
                 <i class="fa fa-eye"></i>
               </span>
               <span class="post-meta-item-text">阅读次数 </span>
               <span class="leancloud-visitors-count"></span>
              </span>
          

          

          

        </div>
      </header>
    


    <div class="post-body" itemprop="articleBody">

      
      

      
        <h2 id="1-1-漏洞描述"><a href="#1-1-漏洞描述" class="headerlink" title="1.1 漏洞描述"></a>1.1 漏洞描述</h2><p>“Clickjacking（点击劫持）是由互联网安全专家罗伯特·汉森和耶利米·格劳斯曼在2008年提出的。是一种视觉欺骗手段，在web端就是iframe嵌套一个透明不可见的页面，让用户在不知情的情况下，点击攻击者想要欺骗用户点击的位置。”</p>
<h2 id="1-2-漏洞危害"><a href="#1-2-漏洞危害" class="headerlink" title="1.2 漏洞危害"></a>1.2 漏洞危害</h2><p>总的来说，当你访问一个恶意网站的时候，攻击者可以控制你的浏览器对一些链接的访问，这个漏洞影响到几乎所有浏览器，除非你使用 lynx 一类的字符浏览器。这个漏洞与 JavaScript 无关，即使你关闭浏览器的 JavaScript 功能也无能为力。事实上这是浏览器工作原理中的一个缺陷，无法通过简单的补丁解决。一个恶意网站能让你在毫不知情的情况下点击任意链接，任意按钮或网站上任意东西。</p>
<h2 id="1-3-漏洞演示"><a href="#1-3-漏洞演示" class="headerlink" title="1.3 漏洞演示"></a>1.3 漏洞演示</h2><p>假设你访问一个web站点并看到如下的页面：<br><img src="http://www.taneroom.cn/images/2016/11/25/20161102144254806.png" alt="enter description here" title="伪造的页面"><br>免费的午餐谁都喜欢，当你满怀期待的点击按钮“WIN”的时候，恭喜你，你已经被点击劫持了。你实际点击的链接如下：<br><img src="http://www.taneroom.cn/images/2016/11/25/20161102144340807.png" alt="enter description here" title="实际访问页面"><br>这是登录网上银行之后的一个转账链接，转移你的全部资产给Kim Dotcom先生。但是你根本你没有看到这个页面，像做梦一样。这只是一个简单的示例，实现上在网上银行转账不会这么简单，但是却告诉我们一个道理，访问网页和看魔术表演一样，看到的不一定都是真的。</p>
<p>下面我们具体讨论下点击劫持的内部机制和防御措施。</p>
<h3 id="1-3-1-内部机制"><a href="#1-3-1-内部机制" class="headerlink" title="1.3.1 内部机制"></a>1.3.1 内部机制</h3><p>点击劫持的表象一般是用户点击了页面的A元素，但是实际上接收点击事件的却是另外一个元素。<br>现在改变下页面内个元素的透明度，再来看下刚才的页面。<br><img src="http://www.taneroom.cn/images/2016/11/25/20161102144417854.png" alt="enter description here" title="透视分析伪造的页面"><br>我们可以看到，在ipad页面是上部还有个层，实际上是一个iframe，现在的透明度为50%，实际的页面中它的透明度为0%，虽然被隐藏不可见，但是随时都可以被激活。<br>在 Firefox的3D视图下，观察这个页面更明显。<br><img src="http://www.taneroom.cn/images/2016/11/25/20161102144447512.png" alt="enter description here" title="3D分析伪造的页面"><br>被隐藏的iframe在IPAD页面的上部，同时转款的链接正好在“WIN”的上方，因为设置了透明度，用户只能看到“WIN”，但实际点击的是转款。<br>攻击者的页面内容可能是这样的：<br><figure class="highlight stylus"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div></pre></td><td class="code"><pre><div class="line">&lt;<span class="selector-tag">div</span> style=<span class="string">"position: absolute; left: 10px; top: 10px;"</span>&gt;</div><div class="line">  Hey - we<span class="string">'re giving away iPad minis!!! Just click the WIN button and it'</span>s yours!!!</div><div class="line">&lt;/div&gt;</div><div class="line">&lt;<span class="selector-tag">div</span> style=<span class="string">"position: absolute; left: 200px; top: 50px;"</span>&gt;</div><div class="line">  &lt;<span class="selector-tag">img</span> src=<span class="string">"http://images.apple.com/my/ipad-mini/overview/images/hero.jpg"</span> <span class="attribute">width</span>=<span class="string">"250"</span>&gt;</div><div class="line">&lt;/div&gt;</div><div class="line">&lt;<span class="selector-tag">div</span> style=<span class="string">"position: absolute; left: 10px; top: 101px; color: red; font-weight: bold;"</span>&gt;&gt;&gt; WIN &lt;&lt;&lt;/div&gt;</div><div class="line">&lt;<span class="selector-tag">iframe</span> style=<span class="string">"opacity: 0;"</span> <span class="attribute">height</span>=<span class="string">"545"</span> width=<span class="string">"680"</span> scrolling=<span class="string">"no"</span> src=<span class="string">"http://mybank/Transfer.aspx"</span>&gt;&lt;/iframe&gt;</div></pre></td></tr></table></figure></p>
<p>代码就是这么简单，下面我们观察一下点击“WIN”时实际上点击“转款”链接时的http请求信息。<br><img src="http://www.taneroom.cn/images/2016/11/25/20161102144520714.png" alt="enter description here" title="根据请求分析伪造的页面"><br>从图中标记的地方，可以看到请求的实际地址和身份验证的cookie信息。当然这样的攻击能成功，在于用户已经登录的网上银行。这样的攻击行为和跨站请求伪造很类似。<br>下面我们讨论下针对点击劫持的基本防御方法。</p>
<h3 id="1-3-2-防御措施"><a href="#1-3-2-防御措施" class="headerlink" title="1.3.2 防御措施"></a>1.3.2 防御措施</h3><h4 id="1-3-2-1、Frame-busting"><a href="#1-3-2-1、Frame-busting" class="headerlink" title="1.3.2.1、Frame busting"></a>1.3.2.1、Frame busting</h4><p>这是在页面上通过脚本(JS)来防止点击劫持或者iframe恶意请求的方式，本文不做介绍，详见<a href="http://seclab.stanford.edu/websec/framebusting/framebust.pdf，乌云有篇类似的中文文章共参考http://drops.wooyun.org/papers/104。" target="_blank" rel="external">http://seclab.stanford.edu/websec/framebusting/framebust.pdf，乌云有篇类似的中文文章共参考http://drops.wooyun.org/papers/104。</a><br>frame busting是指利用js判断location以防止网页被别人iframe内嵌的一个实现 。<br><figure class="highlight vbscript-html"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">&lt;script&gt;</div><div class="line">if(top!=window)&#123;</div><div class="line">  top.location=window.location</div><div class="line">&#125;</div><div class="line">&lt;/script&gt;</div></pre></td></tr></table></figure></p>
<p>但是可以通过onbeforeunload事件来阻止这种跳转。<br><figure class="highlight vbscript-html"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">&lt;script&gt;</div><div class="line">window.onbeforeunload=function()&#123;</div><div class="line">  window.onbeforeunload  = null;</div><div class="line">  return "Maybe you want to leave the page, before you become rich?"</div><div class="line">&#125;</div><div class="line">&lt;/script&gt;</div></pre></td></tr></table></figure></p>
<p>参考：<a href="http://javascript.info/tutorial/clickjacking" target="_blank" rel="external">http://javascript.info/tutorial/clickjacking</a></p>
<h4 id="1-3-2-2-The-X-Frame-Options"><a href="#1-3-2-2-The-X-Frame-Options" class="headerlink" title="1.3.2.2 The X-Frame-Options"></a>1.3.2.2 The X-Frame-Options</h4><p>X-Frame-Options HTTP 响应头，可以指示浏览器是否应该加载一个iframe中的页面。网站可以通过设置X-Frame-Options阻止站点内的页面被其他页面嵌入从而防止点击劫持。</p>
<h5 id="1-3-2-2-1-X-Frame-Options"><a href="#1-3-2-2-1-X-Frame-Options" class="headerlink" title="1.3.2.2.1 X-Frame-Options"></a>1.3.2.2.1 X-Frame-Options</h5><p>X-Frame-Options共有三个值：<br>DENY<br>任何页面都不能被嵌入到iframe或者frame中。<br>SAMEORIGIN<br>页面只能被本站页面嵌入到iframe或者frame中。<br>ALLOW-FROM Uri<br>页面自能被指定的Uri嵌入到iframe或frame中。</p>
<h5 id="1-3-2-2-2-Apache配置X-Frame-Options"><a href="#1-3-2-2-2-Apache配置X-Frame-Options" class="headerlink" title="1.3.2.2.2 Apache配置X-Frame-Options"></a>1.3.2.2.2 Apache配置X-Frame-Options</h5><p>在站点配置文件httpd.conf中添加如下配置，限制只有站点内的页面才可以嵌入iframe。<br>Header always append X-Frame-Options SAMEORIGIN<br>配置之后重启apache使其生效。该配置方式对IBM HTTP Server同样适用。<br>如果同一apache服务器上有多个站点，只想针对一个站点进行配置，可以修改.htaccess文件，添加如下内容：<br>Header append X-FRAME-OPTIONS “SAMEORIGIN”</p>
<h5 id="1-3-2-2-3-Nginx-配置X-Frame-Options"><a href="#1-3-2-2-3-Nginx-配置X-Frame-Options" class="headerlink" title="1.3.2.2.3 Nginx 配置X-Frame-Options"></a>1.3.2.2.3 Nginx 配置X-Frame-Options</h5><p>到 nginx/conf文件夹下，修改nginx.conf ，添加如下内容：<br>add_header X-Frame-Options “SAMEORIGIN”;<br><img src="http://www.taneroom.cn/images/2016/11/25/20161102144557639.png" alt="enter description here" title="nginx配置"><br>重启Nginx服务。</p>
<h5 id="1-3-2-2-4-IIS配置X-Frame-Options"><a href="#1-3-2-2-4-IIS配置X-Frame-Options" class="headerlink" title="1.3.2.2.4 IIS配置X-Frame-Options"></a>1.3.2.2.4 IIS配置X-Frame-Options</h5><p>在web站点的web.config中配置：<br><figure class="highlight vbscript-html"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div></pre></td><td class="code"><pre><div class="line">&lt;system.webServer&gt;</div><div class="line">  ...</div><div class="line">  &lt;httpProtocol&gt;</div><div class="line">    &lt;customHeaders&gt;</div><div class="line">      &lt;add name="X-Frame-Options" value="SAMEORIGIN" /&gt;</div><div class="line">    &lt;/customHeaders&gt;</div><div class="line">  &lt;/httpProtocol&gt;</div><div class="line">  ...</div><div class="line">&lt;/system.webServer&gt;</div></pre></td></tr></table></figure></p>
<h5 id="1-3-2-2-5-结果"><a href="#1-3-2-2-5-结果" class="headerlink" title="1.3.2.2.5 结果"></a>1.3.2.2.5 结果</h5><p>在 Firefox 尝试加载 frame 的内容时，如果 X-Frame-Options 响应头设置为禁止访问了，那么 Firefox 会用 about:blank 展现到 frame 中。也许从某种方面来讲的话，展示为错误消息会更好一点。</p>
<h3 id="1-3-3-浏览器兼容性"><a href="#1-3-3-浏览器兼容性" class="headerlink" title="1.3.3 浏览器兼容性"></a>1.3.3 浏览器兼容性</h3><p>桌面浏览器：</p>
<table>
<thead>
<tr>
<th>特性</th>
<th>Chrome</th>
<th>Firefox (Gecko)</th>
<th>Internet Explorer</th>
<th>Opera</th>
<th>Safari</th>
</tr>
</thead>
<tbody>
<tr>
<td>基础支持</td>
<td>4.1.249.1042</td>
<td>3.6.9 (1.9.2.9)</td>
<td>8.0</td>
<td>10.5</td>
<td>4.0</td>
</tr>
<tr>
<td>ALLOW-FROM 支持</td>
<td>Not supported</td>
<td>18.0 (18.0) bug 690168</td>
<td>8.0?</td>
<td>?</td>
<td>Not supported WebKit bug 94836</td>
</tr>
<tr>
<td>特性</td>
<td>Android</td>
<td>Chrome Android 版</td>
<td>Firefox 移动版 (Gecko)</td>
<td>IE 移动版</td>
<td>Opera 移动版</td>
</tr>
<tr>
<td>基础支持</td>
<td>？</td>
<td>?</td>
<td>?</td>
<td>?</td>
<td>?</td>
</tr>
</tbody>
</table>
<p>参考：<a href="http://www.cnblogs.com/xuanhun/p/3610981.html?utm_source=tuicool&amp;utm_medium=referral" target="_blank" rel="external">http://www.cnblogs.com/xuanhun/p/3610981.html?utm_source=tuicool&amp;utm_medium=referral</a></p>

      
    </div>

    <div>
      
        
<div id="wechat_subscriber" style="display: block; padding: 10px 0; margin: 20px auto; width: 100%; text-align: center">
    <img id="wechat_subscriber_qcode" src="/images/donate/wechat.png" alt="TaneRoom wechat" style="width: 200px; max-width: 100%;"/>
    <div>请博主喝一杯咖啡！</div>
</div>


      
    </div>

    <div>
      
        

      
    </div>


    <footer class="post-footer">
      
        <div class="post-tags">
          
            <a href="/tags/web安全/" rel="tag"># web安全</a>
          
            <a href="/tags/ClickJacking/" rel="tag"># ClickJacking</a>
          
            <a href="/tags/点击劫持/" rel="tag"># 点击劫持</a>
          
        </div>
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/2016/11/25/web安全（2）-CSRF（跨站点请求伪造）/" rel="next" title="web安全（2）-- CSRF（跨站点请求伪造）">
                <i class="fa fa-chevron-left"></i> web安全（2）-- CSRF（跨站点请求伪造）
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/2016/11/25/web安全（4）-sql注入/" rel="prev" title="web安全（4）-- sql注入">
                web安全（4）-- sql注入 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </article>



    <div class="post-spread">
      
        <div class="ds-share flat" data-thread-key="2016/11/25/web安全（3）-ClickJacking（点击劫持）/"
     data-title="web安全（3）-- ClickJacking（点击劫持）"
     data-content=""
     data-url="http://www.taneroom.cn/2016/11/25/web安全（3）-ClickJacking（点击劫持）/">
  <div class="ds-share-inline">
    <ul  class="ds-share-icons-16">

      <li data-toggle="ds-share-icons-more"><a class="ds-more" href="javascript:void(0);">分享到：</a></li>
      <li><a class="ds-weibo" href="javascript:void(0);" data-service="weibo">微博</a></li>
      <li><a class="ds-qzone" href="javascript:void(0);" data-service="qzone">QQ空间</a></li>
      <li><a class="ds-qqt" href="javascript:void(0);" data-service="qqt">腾讯微博</a></li>
      <li><a class="ds-wechat" href="javascript:void(0);" data-service="wechat">微信</a></li>

    </ul>
    <div class="ds-share-icons-more">
    </div>
  </div>
</div>
      
    </div>
  </div>


          </div>
          


          
  <div class="comments" id="comments">
    
      <div class="ds-thread" data-thread-key="2016/11/25/web安全（3）-ClickJacking（点击劫持）/"
           data-title="web安全（3）-- ClickJacking（点击劫持）" data-url="http://www.taneroom.cn/2016/11/25/web安全（3）-ClickJacking（点击劫持）/">
      </div>
    
  </div>


        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap" >
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
          <img class="site-author-image" itemprop="image"
               src="/images/avatar.png"
               alt="TaneRoom" />
          <p class="site-author-name" itemprop="name">TaneRoom</p>
          <p class="site-description motion-element" itemprop="description">低调的码农</p>
        </div>
        <nav class="site-state motion-element">
          <div class="site-state-item site-state-posts">
            <a href="/archives">
              <span class="site-state-item-count">11</span>
              <span class="site-state-item-name">日志</span>
            </a>
          </div>

          
            <div class="site-state-item site-state-categories">
              <a href="/categories">
                <span class="site-state-item-count">2</span>
                <span class="site-state-item-name">分类</span>
              </a>
            </div>
          

          
            <div class="site-state-item site-state-tags">
              <a href="/tags">
                <span class="site-state-item-count">12</span>
                <span class="site-state-item-name">标签</span>
              </a>
            </div>
          

        </nav>

        

        <div class="links-of-author motion-element">
          
            
              <span class="links-of-author-item">
                <a href="http://weibo.com/u/2711247437" target="_blank" title="Weibo">
                  
                    <i class="fa fa-fw fa-weibo"></i>
                  
                  Weibo
                </a>
              </span>
            
              <span class="links-of-author-item">
                <a href="http://blog.csdn.net/tanzhen1991910" target="_blank" title="CSDN">
                  
                    <i class="fa fa-fw fa-book"></i>
                  
                  CSDN
                </a>
              </span>
            
          
        </div>

        
        

        
        

        


      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#1-1-漏洞描述"><span class="nav-number">1.</span> <span class="nav-text">1.1 漏洞描述</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#1-2-漏洞危害"><span class="nav-number">2.</span> <span class="nav-text">1.2 漏洞危害</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#1-3-漏洞演示"><span class="nav-number">3.</span> <span class="nav-text">1.3 漏洞演示</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#1-3-1-内部机制"><span class="nav-number">3.1.</span> <span class="nav-text">1.3.1 内部机制</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#1-3-2-防御措施"><span class="nav-number">3.2.</span> <span class="nav-text">1.3.2 防御措施</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#1-3-2-1、Frame-busting"><span class="nav-number">3.2.1.</span> <span class="nav-text">1.3.2.1、Frame busting</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#1-3-2-2-The-X-Frame-Options"><span class="nav-number">3.2.2.</span> <span class="nav-text">1.3.2.2 The X-Frame-Options</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#1-3-2-2-1-X-Frame-Options"><span class="nav-number">3.2.2.1.</span> <span class="nav-text">1.3.2.2.1 X-Frame-Options</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-3-2-2-2-Apache配置X-Frame-Options"><span class="nav-number">3.2.2.2.</span> <span class="nav-text">1.3.2.2.2 Apache配置X-Frame-Options</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-3-2-2-3-Nginx-配置X-Frame-Options"><span class="nav-number">3.2.2.3.</span> <span class="nav-text">1.3.2.2.3 Nginx 配置X-Frame-Options</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-3-2-2-4-IIS配置X-Frame-Options"><span class="nav-number">3.2.2.4.</span> <span class="nav-text">1.3.2.2.4 IIS配置X-Frame-Options</span></a></li><li class="nav-item nav-level-5"><a class="nav-link" href="#1-3-2-2-5-结果"><span class="nav-number">3.2.2.5.</span> <span class="nav-text">1.3.2.2.5 结果</span></a></li></ol></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#1-3-3-浏览器兼容性"><span class="nav-number">3.3.</span> <span class="nav-text">1.3.3 浏览器兼容性</span></a></li></ol></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright" >
  
  &copy; 
  <span itemprop="copyrightYear">2016</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">TaneRoom</span>
</div>


<div class="powered-by">
  由 <a class="theme-link" href="https://hexo.io">Hexo</a> 强力驱动
</div>

<div class="theme-info">
  主题 -
  <a class="theme-link" href="https://github.com/iissnan/hexo-theme-next">
    NexT.Mist
  </a>
</div>


        

        
      </div>
    </footer>

    <div class="back-to-top">
      <i class="fa fa-arrow-up"></i>
    </div>
  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  



  
  <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>

  
  <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>

  
  <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>

  
  <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>

  
  <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>

  
  <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.0"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.0"></script>



  
  

  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.0"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.0"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.0"></script>



  

  
    
  

  <script type="text/javascript">
    var duoshuoQuery = {short_name:"taneroom"};
    (function() {
      var ds = document.createElement('script');
      ds.type = 'text/javascript';ds.async = true;
      ds.id = 'duoshuo-script';
      ds.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') + '//static.duoshuo.com/embed.js';
      ds.charset = 'UTF-8';
      (document.getElementsByTagName('head')[0]
      || document.getElementsByTagName('body')[0]).appendChild(ds);
    })();
  </script>

  
    
    
    <script src="/lib/ua-parser-js/dist/ua-parser.min.js?v=0.7.9"></script>
    <script src="/js/src/hook-duoshuo.js"></script>
  








  
  

  

  

  
  <script src="https://cdn1.lncld.net/static/js/av-core-mini-0.6.1.js"></script>
  <script>AV.initialize("BnRa0PjEwPETnK8UggnNxrvQ-gzGzoHsz", "gTNTrFanjWAJhrkpXA6VDjbf");</script>
  <script>
    function showTime(Counter) {
      var query = new AV.Query(Counter);
      var entries = [];
      var $visitors = $(".leancloud_visitors");

      $visitors.each(function () {
        entries.push( $(this).attr("id").trim() );
      });

      query.containedIn('url', entries);
      query.find()
        .done(function (results) {
          var COUNT_CONTAINER_REF = '.leancloud-visitors-count';

          if (results.length === 0) {
            $visitors.find(COUNT_CONTAINER_REF).text(0);
            return;
          }

          for (var i = 0; i < results.length; i++) {
            var item = results[i];
            var url = item.get('url');
            var time = item.get('time');
            var element = document.getElementById(url);

            $(element).find(COUNT_CONTAINER_REF).text(time);
          }
          for(var i = 0; i < entries.length; i++) {
            var url = entries[i];
            var element = document.getElementById(url);
            var countSpan = $(element).find(COUNT_CONTAINER_REF);
            if( countSpan.text() == '') {
              countSpan.text(0);
            }
          }
        })
        .fail(function (object, error) {
          console.log("Error: " + error.code + " " + error.message);
        });
    }

    function addCount(Counter) {
      var $visitors = $(".leancloud_visitors");
      var url = $visitors.attr('id').trim();
      var title = $visitors.attr('data-flag-title').trim();
      var query = new AV.Query(Counter);

      query.equalTo("url", url);
      query.find({
        success: function(results) {
          if (results.length > 0) {
            var counter = results[0];
            counter.fetchWhenSave(true);
            counter.increment("time");
            counter.save(null, {
              success: function(counter) {
                var $element = $(document.getElementById(url));
                $element.find('.leancloud-visitors-count').text(counter.get('time'));
              },
              error: function(counter, error) {
                console.log('Failed to save Visitor num, with error message: ' + error.message);
              }
            });
          } else {
            var newcounter = new Counter();
            /* Set ACL */
            var acl = new AV.ACL();
            acl.setPublicReadAccess(true);
            acl.setPublicWriteAccess(true);
            newcounter.setACL(acl);
            /* End Set ACL */
            newcounter.set("title", title);
            newcounter.set("url", url);
            newcounter.set("time", 1);
            newcounter.save(null, {
              success: function(newcounter) {
                var $element = $(document.getElementById(url));
                $element.find('.leancloud-visitors-count').text(newcounter.get('time'));
              },
              error: function(newcounter, error) {
                console.log('Failed to create');
              }
            });
          }
        },
        error: function(error) {
          console.log('Error:' + error.code + " " + error.message);
        }
      });
    }

    $(function() {
      var Counter = AV.Object.extend("Counter");
      if ($('.leancloud_visitors').length == 1) {
        addCount(Counter);
      } else if ($('.post-title-link').length > 1) {
        showTime(Counter);
      }
    });
  </script>



  
<script>
(function(){
    var bp = document.createElement('script');
    var curProtocol = window.location.protocol.split(':')[0];
    if (curProtocol === 'https') {
        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';        
    }
    else {
        bp.src = 'http://push.zhanzhang.baidu.com/push.js';
    }
    var s = document.getElementsByTagName("script")[0];
    s.parentNode.insertBefore(bp, s);
})();
</script>


  


</body>
</html>
